Scale Out Firewalls Based on Custom Metrics Supported
Where Can I Use
This?
What Do I Need?
CN-Series HSF Firewall deployment
CN-Series 11.0.x or above Container Images
Panorama
running PAN-OS 11.0.x or above
version
This test helps to validate the ability of
the CN-Series HSF cluster to auto scale, based on the custom metric
value target specified in autoscaling.
Enable Autoscaling while you create the CN-Series
HSF Cluster to autoscale based on custom metric target value specified in
autoscaling. For more information, see Deploy the HSF Cluster
Enter the CloudWatch namespace to push metrics to AWS
CloudWatch.
Enter the region of the EKS cluster.
Enter the Push interval.
Choose the Autoscaling Meric. In this example, you may
wish to choose PansessionActive.
Specify the scale in threshold and scale out threshold.
For example, if you have 2 NGFW pods running and the total number
of sessions on the firewall currently is 1000, then the cloud watch
metric will show 500 (per NGFW pod).
You can set scale out threshold to 250 and auto scale
should spin up 2 more NGFW pods.
Use show session info command on the MGMT pod to get
the session information
You can specify the maximum and minimum NGFW pods that
can auto scale.
Expected Result
: The NGFW pod should auto
scale based on the scale out threshold value